blob: b7841e0729fe5f39c0e240966f44840a6daad39d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
-- | Maintainer: Sean Whitton <spwhitton@spwhitton.name>
module Propellor.Property.Firejail (
installed,
jailed,
) where
import Propellor.Base
import qualified Propellor.Property.Apt as Apt
import qualified Propellor.Property.File as File
-- | Ensures that Firejail is installed
installed :: Property DebianLike
installed = Apt.installed ["firejail"]
-- | For each program name passed, create symlinks in /usr/local/bin that
-- will launch that program in a Firejail sandbox.
--
-- The profile for the sandbox will be the same as if the user had run
-- @firejail@ directly without passing @--profile@ (see "SECURITY PROFILES" in
-- firejail(1)).
--
-- See "DESKTOP INTEGRATION" in firejail(1).
jailed :: [String] -> Property DebianLike
jailed ps = (jailed' `applyToList` ps)
`requires` installed
`describe` unwords ("firejail jailed":ps)
jailed' :: String -> Property UnixLike
jailed' p = ("/usr/local/bin" </> p)
`File.isSymlinkedTo` File.LinkTarget "/usr/bin/firejail"
|